Wednesday, February 16, 2005

Finding Rootkits

I was reading Bruce Schneier's blog today and found a post on the Ghostbuster, which is an idea from Microsoft that would check a system for rootkits and other hidden software. The application would reside on a CD with its own OS, and once inserted it would boot that OS and check the system for hidden files and folders that may belong to a piece of malware or an exploit.

The idea seems very efficient, except that the system would have to be taken offline to perform the check. A solution to this problem would be to have several servers load-balanced, so that the sysadmin could check each system in turn while the other servers were there to maintain the load.

This idea could also be accomplished using Knoppix, albeit not as quickly or efficiently unless the admin had written a script or program to check it for them.
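As an added example (not code from the original post or from Microsoft's Ghostbuster), here is the kind of script such an admin might write for a Knoppix-style check. It assumes the cross-view approach the post describes: save a file listing from inside the running system before the reboot, then boot the live CD, mount the same disk read-only, and list it again from the clean OS. Any path the clean OS sees that the running OS did not report is a candidate for a hidden file and worth investigating. The mount point, file names and sample listings below are constructed for the demonstration.

```shell
#!/bin/sh
# Cross-view file-listing comparison (added example, not the post's own code).
# Step 1 (inside the running, possibly compromised system, before reboot):
#     find / -xdev -type f | sort > /media/usb/online.txt
# Step 2 (from the live CD, with the suspect disk mounted read-only):
#     list_mounted_disk /mnt/suspect > /media/usb/offline.txt
# Step 3: cross_view_diff online.txt offline.txt
# The mount point and file names above are assumptions for this example.

# Use byte-wise collation so `sort` and `comm` agree on ordering.
LC_ALL=C
export LC_ALL

# Print every path present in the offline (clean-boot) listing but absent from
# the online listing. `comm -13` suppresses lines unique to file 1 and lines
# common to both, leaving only lines unique to file 2.
cross_view_diff() {
    online="$1"
    offline="$2"
    comm -13 "$online" "$offline"
}

# Build a sorted listing of a mounted disk, stripping the mount prefix so the
# paths match the form recorded from inside the running system.
list_mounted_disk() {
    mountpoint="$1"
    find "$mountpoint" -xdev -type f | sed "s|^$mountpoint||" | sort
}

# Constructed sample listings standing in for the two real captures; the
# module path is a made-up example of a file the running OS failed to list.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/online.txt" <<'EOF'
/bin/ls
/etc/passwd
/usr/bin/ssh
EOF
    cat > "$tmp/offline.txt" <<'EOF'
/bin/ls
/etc/passwd
/lib/modules/unlisted.ko
/usr/bin/ssh
EOF
    cross_view_diff "$tmp/online.txt" "$tmp/offline.txt"
    rm -rf "$tmp"
}
```

A hit from `cross_view_diff` is not proof of a rootkit on its own (files created between the two captures will also show up), but it narrows the search to exactly the paths the running OS was unable or unwilling to show, which is the property the Ghostbuster idea relies on.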

